Overview

overview

7

Static

static

3

c7b0a4d4dc...99.exe

windows7-x64

3

c7b0a4d4dc...99.exe

windows10-2004-x64

3

$SYSDIR/Ba...er.scr

windows7-x64

1

$SYSDIR/Ba...er.scr

windows10-2004-x64

1

$TEMP/dospop.exe

windows7-x64

7

$TEMP/dospop.exe

windows10-2004-x64

7

tbu03852/dospop.dll

windows7-x64

6

tbu03852/dospop.dll

windows10-2004-x64

6

tbu03852/options.html

windows7-x64

1

tbu03852/options.html

windows10-2004-x64

1

tbu03852/s...g.html

windows7-x64

1

tbu03852/s...g.html

windows10-2004-x64

1

tbu03852/s...b.html

windows7-x64

1

tbu03852/s...b.html

windows10-2004-x64

1

tbu03852/tbhelper.dll

windows7-x64

1

tbu03852/tbhelper.dll

windows10-2004-x64

1

tbu03852/t...091.js

windows7-x64

1

tbu03852/t...091.js

windows10-2004-x64

1

tbu03852/u...ll.exe

windows7-x64

1

tbu03852/u...ll.exe

windows10-2004-x64

1

tbu03852/update.exe

windows7-x64

1

tbu03852/update.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 04:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tbu03852/static_pub.html

  • Size

    599B

  • MD5

    0bf3de7de6f6a9ece7674fb245c7e428

  • SHA1

    a71d601820676d5741734e825c7347d59570bc98

  • SHA256

    29101ddb9fc880b921c78a8aa0952310ccf0fe4eb03479425500fc2e779d4b2b

  • SHA512

    30dc0cf67d772a79dec244882f24c4a6ad71a3139b1b92d6e059f1e677ef138596e71c7bf12c2283b591ad64744b9abd15895fa29c4a600f64c784423bc270b2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\static_pub.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    014f2eaedffe45fb961f7ed322e27830

    SHA1

    67b513cb487a65aeb017379be30b6452804a9275

    SHA256

    fd86ec27286ed6008e362ab37e1bbd6e619e03875411837985728034bfe7fa55

    SHA512

    a9ad2268d7e2d45b3df9e340298d0a6fd8012c83ec82aff5a7ca2273a3142ac5e2c4579473517793d1db91bd17a429d6b9c37a309ab2f0c2dcda5148a9663a08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    217a88d75f2d740479c743c5ebea0da8

    SHA1

    f7064231234d0749520456c345f05e6b8e86d8f1

    SHA256

    9e1b6133eab3b0e51d960ec190aeeb3b8efd98b295db4520e8da65d4528b4b4f

    SHA512

    4e6720c227a6789fd3b0c50ac4382f0694bc3c8fc2a6975476275ac1dba40f2a799f793ca32127d241102949b17933a3aa431087de697331def8d483e66d626b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    06a7fec6f7d66573679647fd22ab9ba9

    SHA1

    b0a624371fed358ddc2e1b0b11add7b2db0534c2

    SHA256

    f745ea1e1de9c755a261e9e686ddd855c0ce954999d17fb6a4d75a174b73fa76

    SHA512

    bace5d9e97c162146d41e414dab7eac11ced30187e07b76b3317c5e2ad9346ee305f5e6f93727a58d56149e65022776b927d96798d0aa9228c02a85af6c82b8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7335f0326485a13f0285939ea3543d7

    SHA1

    68e34327f4beeca14b6d88069cee149826da0326

    SHA256

    77baae563c0d36832e928bbed518fc35a10d007721dd80470092506867fb441a

    SHA512

    c6d61367e6934128510bb6aecbe96127238e8bde3ab97ddf53441e085002b01a8a70b1243d8494e4af8a0aa5076a15f8959779858b0452626a1bc96d1a455856

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    313d0864c520dde55850c70ec23b84c0

    SHA1

    5ef339f78b1d3ff03e72b5c2c4f80f98b4a770ba

    SHA256

    d4f605be403ab858b926fdbdb1f940f9aadb933349bd0a044cde988c20585a11

    SHA512

    11bf0983231e3b1562174aea1b9e3b695586479e1ed2b752593ee6fdad0870ec75b59107bcf72fd0b5a07ce18b5394db3905116d8551b56c5a60dc993a31ea9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eadff0a542112a4469b8701382cadbbe

    SHA1

    38a48a2abe6fddedd56ba2aab96748eddfc4587b

    SHA256

    4ba6363fdb313f91d1431187db79939caba104adb5f20e700ea9b1fa37580544

    SHA512

    1045431c09c5143042c44058105209f128fc39dcf767e858536c3243e6ac94d74f9c34a36b7c289a37b1af1c130bf6dceb20f1ec943499d37c89fe5ecc0a7c19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    103994edaef6635f0676298461ec4820

    SHA1

    d9a670b20234d8d0e4a5cdb9bd79567a61b7c660

    SHA256

    ae69bd38085dfb32282bc3779cebab4be6378b4c4ea1766dde5bca0f091793d3

    SHA512

    1e783f06fcb318d11d2c1df8560ef58f625551d007df85d3653e648c05f4ed00e358e0f2f5ad8b3338973cdf3661e2043155bd966a6c3739d513e7a2ca511abe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4fc0a76b08f685eff77162edc7214639

    SHA1

    1b9fc4a7d30bbd202ce19479251dbc9dce2ee149

    SHA256

    826ba71e4d76e0a236c62f07502031c272e21e30854fc209a0900857f11b3e72

    SHA512

    4ec387b871e29edea0414b89f016c6da4b141a7664f6fa91da04c15eb6d4bdbb464de2b8c05b7ff3d9ebf92ecdeefe9b12350ff6e9adc26803f866d89c281184

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ecb00253867a7d60e825ad2ba88b0d49

    SHA1

    a1d3002c1967993f9e0d69b59961b0061b6831ec

    SHA256

    fe3c6bd615c07f642855c3932c054c20df768b7d59e9406703bc5e090134fcef

    SHA512

    5fed6e1a02ae410c3313b3c4c34df680fbd9197f6364a7e2b0e5c73c39c9cd53e9371480e6be074917f08565a4820fb514dcd7e628785160540f7112864786d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3962bda758a20029b9264ddc89a71b61

    SHA1

    7784dc628d33a78b2a38aefeea7c403e87035255

    SHA256

    606a720a084a59459daad73e3a0b775c17c22dcd0a56226a2ab2cba2ed52acc5

    SHA512

    af0b1c0c041e17b1286309d885b5f861dc79d6b808beca1229ebe6909b2ac593a7cb260e5713e676f010fadbbafa136855202cc87c24d59debc95261387b5811

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7CFE.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7E4E.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit